FC2: Dovecot, Unable to produce self signed SSL certificate

Tony Ransom tony at aeran.info
Thu Jun 24 07:28:23 UTC 2004 

Thanks David. I should have noticed.

Worked fine now.

David Keen wrote:

>On Wed, 2004-06-23 at 13:51, Tony Ransom wrote:
>  
>
>>I've been trying for a couple of days to produce a self  signed
>>certificate for Dovecot. (I never had any problem with UW-imap)
>>
>>Using the provided mkcert.sh, I found the following problems:
>>
>>1. The SSLDIR variable was incorrect. Got the error message - 
>>
>>/etc/ssl/certs directory doesn't exist
>>/etc/ssl/private directory doesn't exist. 
>>
>>I changed this to point to /usr/share/ssl
>>    
>>
>
>Yep.
>
>  
>
>>2. When I ran again ran the script, it complained:
>>
>>/usr/share/ssl/certs/imapd.pem already exists, won't overwrite. Why
>>imapd.pem, when there is a dovecot.pem file?
>>
>>3. I commented out the checks in the script file that look for
>>existing dovecot.pem files. It ran further  this time. I got:
>>
>>
>>Generating a 1024 bit RSA private key
>>.......................................++++++
>>.........++++++
>>writing new private key to '/usr/share/ssl/private/imapd.pem'
>>-----
>>
>>subject= /OU=IMAP POP
>>server/CN=server.aeran.info/emailAddress=admin at aeran.info
>>MD5 Fingerprint=4A:6C:7C:9F:E7:BD:38:04:3F:81:1D:69:DE:17:9B:DA
>>
>>Note it wrote 'imapd.pem' not 'dovecot.pem' as I would have expected.
>>
>>It didn't write dovecot.pem into /usr/share/ssl/certs
>>
>>Dovecot  won't start if the .pem files are not correct. You get:
>>
>>Jun 23 21:39:39 server imap-login: Can't load private key file
>>/usr/share/ssl/private/dovecot.pem: error:0B080074:x509 certificate
>>routines:X509_check_private_key:key values mismatch
>>
>>What is going on here??
>>
>>Why two certificates? Should they be imapd.pem or dovecot.pem?
>>
>>I've done a lot of googling, and looking in the dovecot lists, trying
>>to find an answer. No luck.
>>
>>Could someone please look into this? 
>>    
>>
>
>I also had to modify the following in my mkcert.sh:
>CERTFILE=$SSLDIR/certs/dovecot.pem
>KEYFILE=$SSLDIR/private/dovecot.pem
>
>  
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20040624/f4ea7e6c/attachment-0001.htm>

More information about the fedora-list mailing list